-
Notifications
You must be signed in to change notification settings - Fork 28
/
Copy pathtest_gen_ai.py
114 lines (102 loc) · 4.4 KB
/
test_gen_ai.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
import hmac
from hashlib import sha256
from unittest.mock import patch
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APITestCase
from shared.django_apps.core.tests.factories import OwnerFactory
from codecov_auth.models import GithubAppInstallation
PAYLOAD_SECRET = b"testixik8qdauiab1yiffydimvi72ekq"
VIEW_URL = reverse("auth")
def sign_payload(data: bytes, secret=PAYLOAD_SECRET):
signature = "sha256=" + hmac.new(secret, data, digestmod=sha256).hexdigest()
return signature, data
class GenAIAuthViewTests(APITestCase):
@patch("api.gen_ai.views.get_config", return_value=PAYLOAD_SECRET)
def test_missing_parameters(self, mock_config):
payload = b"{}"
sig, data = sign_payload(payload)
response = self.client.post(
VIEW_URL,
data=data,
content_type="application/json",
HTTP_HTTP_X_GEN_AI_AUTH_SIGNATURE=sig,
)
self.assertEqual(response.status_code, 400)
self.assertIn("Missing required parameters", response.data)
@patch("api.gen_ai.views.get_config", return_value=PAYLOAD_SECRET)
def test_invalid_signature(self, mock_config):
# Correct payload
payload = b'{"external_owner_id":"owner1","repo_service_id":"101"}'
# Wrong signature based on a different payload
wrong_sig = "sha256=" + hmac.new(PAYLOAD_SECRET, b"{}", sha256).hexdigest()
response = self.client.post(
VIEW_URL,
data=payload,
content_type="application/json",
HTTP_HTTP_X_GEN_AI_AUTH_SIGNATURE=wrong_sig,
)
self.assertEqual(response.status_code, 403)
@patch("api.gen_ai.views.get_config", return_value=PAYLOAD_SECRET)
def test_owner_not_found(self, mock_config):
payload = b'{"external_owner_id":"nonexistent_owner","repo_service_id":"101"}'
sig, data = sign_payload(payload)
response = self.client.post(
VIEW_URL,
data=data,
content_type="application/json",
HTTP_HTTP_X_GEN_AI_AUTH_SIGNATURE=sig,
)
self.assertEqual(response.status_code, 404)
@patch("api.gen_ai.views.get_config", return_value=PAYLOAD_SECRET)
def test_no_installation(self, mock_config):
# Create a valid owner but no installation
OwnerFactory(service="github", service_id="owner1", username="test1")
payload = b'{"external_owner_id":"owner1","repo_service_id":"101"}'
sig, data = sign_payload(payload)
response = self.client.post(
VIEW_URL,
data=data,
content_type="application/json",
HTTP_HTTP_X_GEN_AI_AUTH_SIGNATURE=sig,
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, {"is_valid": False})
@patch("api.gen_ai.views.get_config", return_value=PAYLOAD_SECRET)
def test_authorized(self, mock_config):
owner = OwnerFactory(service="github", service_id="owner2", username="test2")
GithubAppInstallation.objects.create(
installation_id=12345,
owner=owner,
name="ai-features",
repository_service_ids=["101", "202"],
)
payload = b'{"external_owner_id":"owner2","repo_service_id":"101"}'
sig, data = sign_payload(payload)
response = self.client.post(
VIEW_URL,
data=data,
content_type="application/json",
HTTP_HTTP_X_GEN_AI_AUTH_SIGNATURE=sig,
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data, {"is_valid": True})
@patch("api.gen_ai.views.get_config", return_value=PAYLOAD_SECRET)
def test_unauthorized(self, mock_config):
owner = OwnerFactory(service="github", service_id="owner3", username="test3")
GithubAppInstallation.objects.create(
installation_id=2,
owner=owner,
name="ai-features",
repository_service_ids=["303", "404"],
)
payload = b'{"external_owner_id":"owner3","repo_service_id":"101"}'
sig, data = sign_payload(payload)
response = self.client.post(
VIEW_URL,
data=data,
content_type="application/json",
HTTP_HTTP_X_GEN_AI_AUTH_SIGNATURE=sig,
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, {"is_valid": False})